Improving Web Vulnerability Scanning. Daniel Zulla
|
|
- Paula Tate
- 8 years ago
- Views:
Transcription
1 Improving Web Vulnerability Scanning 1 Daniel Zulla
2 Introduction Hey! 2 Hi there! I m Dan. This is my first year at DEFCON. I do programming and security start-ups. I do some penetration testing as well
3 More Introduction 3 Today I m going to talk about vulnerability scanning Primary on the web The cloud is involved as well Network security too I ll show some things, so there is plenty of demo time Have fun, thanks for being here!
4 Some Facts 4 There are a lot of web vulnerability scanners, fuzzers and penetration testing tools out there already Some of them work, some of them do not But basically all of them have one thing in common: They actually don t attack web applications on the application layer They mostly fuzz HTTP and sometimes perform injection attacks
5 Some more facts 5 The fundamental design of web scanners has not changed in over a decade But: The web has changed. So there seems to be a problem.
6 Software Architecture What web vulnerability scanners and fuzzers look like 6 Plugins A HTTP Library RXSS BSQLI EVAL The Core PXSS LFI OSC Output Engine Multithreading / Forking SQL RFI [...]
7 A pentesters point of view 7 Javascript/Ajax rich applications are still not supported Authenticated scanning is still incredibly challenging / not reliable Exploitation techniques are mostly poor I don t know which scanner will work for foo.com and which one for bar.com, so I use toolchains
8 A developers point of view 8 Javascript/Ajax rich applications are still not supported Authenticated scanning is still incredibly challenging / not reliable Exploitation techniques are mostly poor I don t know which scanner will work for foo.com and which one for bar.com, so I use toolchains HTTP Libraries don t support JS - Scanners are based on an HTTP Libraries Web Logins are not standarized - So how should they be detected No time for exploits (Already spent lines [and nights] of code making the crawler immune to encoding issues, malformed HTML, redirects and binary content!) A false positive is better than a false negative
9 How I see it 9 Both of them are right. The web is a mess. Nobody cares about RFCs anymore. (Especially these SEO guys!) 10 years ago, you would have expected a Query String at the end of a URL like Nowadays, is good practice The result: It s incredibly hard for scanner developers to figure out the dynamic components of an HTTP request. Because of that, we feel overhelmed and fuzz nearly everything. Header Keys, Header Values, VHost, Cookie, Method, Path, Version,...
10 How I see it 10 Fuzzing HTTP is incredibly important. You never know if you are talking to an apache2, nginx or some hidden application server upstream But it has nothing to-do with web vulnerability scanning So - developers are struggling with websites because they use HTTP to crawl and attack them. Things like flash, images, javascript seems to be an unsolveable problem Redirects are hard to handle sometimes (wait there is more) Javascript redirects (after 10 seconds!) and of course: onmouseover, onclick, onfocus,... Flash isn t helpful either
11 Web But - WE DO SECURITY Is it really our job to make sure that our software executed all the JS and grabbed all the links? When we spend 100 hours on the crawler, and 5 hours on the actual payloads (that s how it looks right now) something, somewhere, went terribly wrong So - Is there a (open source?) piece of software that we could use instead of the HTTP library? Something that has prooven its mastery in handling unpredictably broken web content already? There is.
12 Webkit! 12
13 Webkit knows 13 Javascript CSS Rendering Javascript events Binary Downloads Redirects Broken HTML Flash Broken CSS Images Performance Websockets Forking / Multiprocessing WebGL [...]
14 Software Architecture What it should look like 14 The Front-End A HTTP Library The Core RXSS PXSS BSQLI LFI EVAL OSC Reporting Engine SQL RFI [...] The Exploitation Engine
15 Changes? Improvments? 15 Replacing the HTTP library by a Webkit Engine Less code (A lot less code) 100% support for JS/Ajax/Broken HTML/JS Events/Crazy Redirects and all kinds of things The ability to simulate human user behaviour CSS Renderings (Two text fields beside each other: 10px - one of them is a input[type=password]) - May be a login!
16 Making it scale (heavily) 16 Webkit is slow (Website rendering, Executing JS,... - compared to - Speaking Plaintext HTTP) Downloading Images is slow Waiting for delayed JS events is slow Flash is even slower
17 Making it scale (heavily) Bad news: Qt / PyQt / PySide 17 QtWebkit does not support multithreading It tends to SEGFAULT from time to time :( Multiple QApplication instances are almost impossible to handle in one Python namespace
18 Making it scale (heavily) Good news: Building a preforking TCP Server 18 Spawning a pool of processes works quite well (one QApplication +one Browser instance per Process) Simultaneous downloads Better accessibility inside the scanner (multiprocessing insides loops to increase performance)
19 Missing pieces 19 Mastering Authentication Exploitation & Privilege Escalation Geographically distributed scanning: Using the cloud Reporting
20 Mastering Authentication 20 There is no such thing as a standarized web login Basically, everybody develops access control on the web slightly differently You can try to detect them by the name/id of the attributes, but that is not reliable But in the end, Web logins generally have a few things in common that makes them easily detectable. At least, for our browser engine
21 Mastering Authentication Not more than 2 visible (!) text fields 21 has_login_texts()
22 Mastering Authentication Man-Behind-You Protection 22 is_input_hidden()
23 Mastering Authentication Geometry! Usually, the two visible text fields are under(), next_to() or at least near(radius=10px) each other 23 X1 = X2! X1 = X2 Y1 = Y2
24 Mastering Authentication 24 That was easy! The common way to solve that problem, is to iterate through a wordlist (login, auth, signin, [...]) while checking the input[id], input[name] attributes That s not necessarily wrong or bad practice After putting the pieces together:.login( username, password )
25 Mastering Authentication Demo Time 25 Proof Of Concept 1: Twitter (Some Javascript) Proof Of Concept 2: Facebook (More Javascript) Proof Of Concept 3: Google Plus (Most Javascript + Browser Hacks)
26 Mastering Authentication When we are signed in 26 New problems occur: How can we let the scanner check if we are indeed signed in? Common practive: Looking for a /logout/i String The problem: Inefficient. Likely to cause false positives There has to be a better way: Introduction Strategies
27 Strategy.Authentication Step 1: Identification 27 Identifying a login form (3-way approach, input[type=password], geometry, [...])
28 Strategy.Authentication Step 2: Error messages (Why a browser engines rocks) 28 Verifying wrong credentials - Random strings - Failed login #BA... -> #E4...
29 Strategy.Authentication Step 3: Going in:.login(..,.. ) 29 Verifying valid credentials - Behaviour should not be similiar to the behaviour of a invalid login
30 Strategy.Authentication Step 4: Going out..logout() 30 Doing similiar work again for.logout() function seems obsolote But it really isn t. It is the basis to a.is_still_loggedin() function Which is really important to stay logged in during crawling And if the scanner logged itself out, it can simply.login() again That s cool. :-)
31 Exploitation and Privilege Escalation 31 There is a whole universe besides injection vulnerabilities Usually, scanners don t detect them But they should And now they can:.login( user1,... );.logout();.login( user2,... ) => Demo Time: Privilege Escalation, Multi-User Systems
32 Geographically distributed scanning: Using the cloud 32 When (injection) vulnerabilities are getting complicated: Scenario 1: The backend of a website creates a log entry for every new IP address. It logs the USERAGENT. The log entries are kept in a SQL database. The function that creates the log entries, is vulnerable. The User-Agent is injectable. The problem is: It only works once. As soon as the IP is in the database, the function won t be executed anymore :-( ==> SQLMap (and every other tool) will fail.
33 Geographically distributed scanning: Using the cloud 33 But they shouldn t! The limitation is totally detectable And a new IP is just as far away as a single EC2 API call
34 Geographically distributed scanning: Using the cloud 34 Indeed! The cloud is a good thing for security :) Demo Time: Introducing: sqlmap and w3af (on steroids)
35 Combining Strategies and the distributed scanning 35 Introducing next generation vulnerability scanning Exploiting a really amazingly hard SQL Injection Demo Time
36 Further Research & Additional Ideas 36 Country specific restrictions can be by-passed in a fully automatic manner (Error) messages can be parsed and interpreted: Wolfram Alpha Bloomfilters should be integrated Other Strategies should be implemented (the limitations are gone)
37 More Live Demos 37 Demonstrating a logical layer beyond Authentication:.pay( , CVV=121, type=visa).search( search query ).sort( DESC UNION SELECT [...] ) Interpreting error messages Pivoting on penetrated hosts - Spawning another scanner instance And finally: Reporting!
38 Thanks! 38
(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationWebCruiser Web Vulnerability Scanner User Guide
WebCruiser Web Vulnerability Scanner User Guide Content 1. Software Introduction...2 2. Key Features...3 2.1. POST Data Resend...3 2.2. Vulnerability Scanner...6 2.3. SQL Injection...8 2.3.1. POST SQL
More informationHow to hack a website with Metasploit
How to hack a website with Metasploit By Sumedt Jitpukdebodin Normally, Penetration Tester or a Hacker use Metasploit to exploit vulnerability services in the target server or to create a payload to make
More informationLecture 11 Web Application Security (part 1)
Lecture 11 Web Application Security (part 1) Computer and Network Security 4th of January 2016 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 11, Web Application Security (part 1)
More informationCracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference
Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance
More informationASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION
ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: Learn the various attacks like sql injections, cross site scripting, command execution
More informationRecon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins
Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins During initial stages of penetration testing it is essential to build a strong information foundation before you
More informationList of Scanner Features (3 of 3)
List of Features (3 of 3) Advanced Features Acunetix WVS ) JS/ analysis & crawling, URI Coverage for XSS & SQLi, Web Services Scanning Features, GHDB, Network Scanning Features, Subdomain, Authentication
More informationHow to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationDISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES
DISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES By Michael Crouse Dr. Errin W. Fulp, Ph.D., Advisor Abstract The increasingly high volume of users on the web and their use of web
More informationSTABLE & SECURE BANK lab writeup. Page 1 of 21
STABLE & SECURE BANK lab writeup 1 of 21 Penetrating an imaginary bank through real present-date security vulnerabilities PENTESTIT, a Russian Information Security company has launched its new, eighth
More informationWebCruiser User Guide
WebCruiser User Guide - Web Vulnerability Scanner 1. Software Introduction...2 2. User Guide...3 2.1. Scanner...3 2.2. SQL Injection...5 2.3. Cookie Injection Demo...6 2.4. Cross Site Scripting...10 2.5.
More informationSecurity vulnerabilities in new web applications. Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant
Security vulnerabilities in new web applications Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant $whoami Introduction Pavol Lupták 10+ years of practical experience in security and seeking vulnerabilities
More informationHP WebInspect Tutorial
HP WebInspect Tutorial Introduction: With the exponential increase in internet usage, companies around the world are now obsessed about having a web application of their own which would provide all the
More informationSecurity Basics - Lessons From a Paranoid. Stuart Larsen Yahoo! Paranoids - Pentest
Security Basics Lessons From a Paranoid Stuart Larsen Yahoo! Paranoids Pentest Overview Threat Modeling Common Web Vulnerabilities Automated Tooling Modern Attacks whoami Threat Modeling Analyzing the
More informationThe Web AppSec How-to: The Defenders Toolbox
The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware
More informationASL IT Security Advanced Web Exploitation Kung Fu V2.0
ASL IT Security Advanced Web Exploitation Kung Fu V2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: There is a lot more in modern day web exploitation than the good old alert( xss ) and union
More informationWeb Application Penetration Testing
Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com
More informationUpdate logo and logo link on A Master. Update Date and Product on B Master
Cover Be sure to: Update META data Update logo and logo link on A Master Update Date and Product on B Master Web Performance Metrics 101 Contents Preface...3 Response Time...4 DNS Resolution Time... 4
More informationWeb Application Hacking (Penetration Testing) 5-day Hands-On Course
Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis
More informationTable of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3
Open-Xchange Authentication & Session Handling Table of Contents 1.Introduction...3 2.System overview/implementation...4 2.1.Overview... 4 2.1.1.Access to IMAP back end services...4 2.1.2.Basic Implementation
More informationConducting Web Application Pentests. From Scoping to Report For Education Purposes Only
Conducting Web Application Pentests From Scoping to Report For Education Purposes Only Web App Pen Tests According to OWASP: A Web Application Penetration Test focuses only on evaluating the security of
More informationWeb Application Guidelines
Web Application Guidelines Web applications have become one of the most important topics in the security field. This is for several reasons: It can be simple for anyone to create working code without security
More informationHTTPParameter Pollution. ChrysostomosDaniel
HTTPParameter Pollution ChrysostomosDaniel Introduction Nowadays, many components from web applications are commonly run on the user s computer (such as Javascript), and not just on the application s provider
More informationCloud Application Security Assessment, Guerrilla Style
Cloud Application Security Assessment, Guerrilla Style SESSION ID: CSV-F03A Mark Orlando Director of Cyber Operations Foreground Security Adam Willard Application Security Analyst Foreground Security Agenda
More informationHow To Burp David Brown
How To Burp David Brown Senior Security Engineer Security Innovation In case you want to follow along https://portswigger.net/burp/download.html What is Burp? An HTTP Proxy and other things Built by lazy
More informationWeb Application Security Payloads. Andrés Riancho Director of Web Security OWASP AppSec USA 2011 - Minneapolis
Web Application Security Payloads Andrés Riancho Director of Web Security OWASP AppSec USA 2011 - Minneapolis Topics Short w3af introduction Automating Web application exploitation The problem and how
More informationPwning Intranets with HTML5
Javier Marcos de Prado Juan Galiana Lara Pwning Intranets with HTML5 2009 IBM Corporation Agenda How our attack works? How we discover what is in your network? What does your infrastructure tell us for
More informationDetecting and Exploiting XSS with Xenotix XSS Exploit Framework
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.
More informationCross-Site Scripting
Cross-Site Scripting (XSS) Computer and Network Security Seminar Fabrice Bodmer (fabrice.bodmer@unifr.ch) UNIFR - Winter Semester 2006-2007 XSS: Table of contents What is Cross-Site Scripting (XSS)? Some
More informationExternal Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION
External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationWeb Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
More information1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications
1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationSecurity Products Development. Leon Juranic leon@defensecode.com
Security Products Development Leon Juranic leon@defensecode.com Security Products Development Q: Why I picked this boring topic at all? A: Avoidance of any hackingrelated topics for fsec (khm.) :) Security
More informationApplication Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il
Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems
More informationHardened Plone. Making Your Plone Site Even More Secure. Presented by: Nathan Van Gheem
Hardened Plone Making Your Plone Site Even More Secure Presented by: Nathan Van Gheem Plone Security Flexible and granular ACL/roles-based security model of Zope All input in Plone is validated Plone does
More informationPenetration Testing Lessons Learned. Security Research
1 Penetration Testing Lessons Learned Security Research 2 Who am I? CTO at Immunity, Inc. Privately held information security company Consulting Training Specialized Security Products CANVAS SILICA Based
More informationWeb Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure
Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationEVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke
EVALUATING COMMERCIAL WEB APPLICATION SECURITY By Aaron Parke Outline Project background What and why? Targeted sites Testing process Burp s findings Technical talk My findings and thoughts Questions Project
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationCSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities
CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities Thomas Moyer Spring 2010 1 Web Applications What has changed with web applications? Traditional applications
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationSoftware Requirements Specification
Software Requirements Specification Version 1.1 March 7, 2013 Prepared by Group Name: The Constructors Alex Hamstra 4506291 alexhamstra@gmail.com Jared Roesch 4826574 roeschinc@gmail.com Kyle Jorgensen
More informationØredev 2006. Web application testing using a proxy. Lucas Nelson, Symantec Inc.
Øredev 2006 Web application testing using a proxy Lucas Nelson, Symantec Inc. Agenda What is a proxy? Setting up your environment Pre-login tests Post-login tests Conclusion A man in the middle proxy The
More informationMatriXay WEB Application Vulnerability Scanner V 5.0. 1. Overview. (DAS- WEBScan ) - - - - - The best WEB application assessment tool
MatriXay DAS-WEBScan MatriXay WEB Application Vulnerability Scanner V 5.0 (DAS- WEBScan ) - - - - - The best WEB application assessment tool 1. Overview MatriXay DAS- Webscan is a specific application
More informationSichere Software- Entwicklung für Java Entwickler
Sichere Software- Entwicklung für Java Entwickler Dominik Schadow Senior Consultant Trivadis GmbH 05/09/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART
More informationBDD FOR AUTOMATING WEB APPLICATION TESTING. Stephen de Vries
BDD FOR AUTOMATING WEB APPLICATION TESTING Stephen de Vries www.continuumsecurity.net INTRODUCTION Security Testing of web applications, both in the form of automated scanning and manual security assessment
More informationEssential IT Security Testing
Essential IT Security Testing Application Security Testing for System Testers By Andrew Muller Director of Ionize Who is this guy? IT Security consultant to the stars Member of OWASP Member of IT-012-04
More informationVIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso
VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES AUTHOR: Chema Alonso Informática 64. Microsoft MVP Enterprise Security Hello and welcome to Intypedia.
More informationFIVE WAYS TO OPTIMIZE MOBILE WEBSITE PERFORMANCE WITH PAGE SPEED
WHITE PAPER: MOBILE WEBSITE PERFORMANCE FIVE WAYS TO OPTIMIZE MOBILE WEBSITE PERFORMANCE WITH PAGE SPEED SNOOZE, YOU LOSE. TODAY S MOBILE USERS EXPECT PERFORMANCE DELIVERED FAST. For those of us who depend
More informationCrawl Proxy Installation and Configuration Guide
Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main
More informationLoad testing with. WAPT Cloud. Quick Start Guide
Load testing with WAPT Cloud Quick Start Guide This document describes step by step how to create a simple typical test for a web application, execute it and interpret the results. 2007-2015 SoftLogica
More informationPenetration Testing: Lessons from the Field
Penetration Testing: Lessons from the Field CORE SECURITY TECHNOLOGIES SCS SERVICES May 2009 1 Agenda: About me: Alberto Soliño Director of Security Consulting Services at Core Security One of first five
More informationChallenges of Automated Web Application Scanning
1 Challenges of Automated Web Application Scanning "Why automated scanning only solves half the problem." Blackhat Windows 2004 Seattle, WA Jeremiah Grossman (CEO) WhiteHat Security, Inc. 2 Speaker Bio
More informationLeveraging User Interactions for In-Depth Testing of Web Applications
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister 1,EnginKirda 2, and Christopher Kruegel 3 1 Secure Systems Lab, Technical University Vienna, Austria sean@seclab.tuwien.ac.at
More informationReal World Web Service Testing For Web Hackers
Real World Web Service Testing For Web Hackers TOM ESTON» Senior Security Consultant SecureState» Web Application / Network Penetration Tester» Founder of SocialMediaSecurity.com» Previous Security Research
More informationTHE OPEN UNIVERSITY OF TANZANIA
THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather
More informationMavituna Security Ltd. Finance House, 522A Uxbridge Rd. Pinner. HA5 3PU / UK +44 845 686 3001 +44 845 686 5001
Netsparker is the first false-positive free scanner. In this document you can see the details of features, how to use them and how to tweak Netsparker. If you can t find what you are looking for, please
More informationIntrusion detection for web applications
Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities
More informationFront-End Performance Testing and Optimization
Front-End Performance Testing and Optimization Abstract Today, web user turnaround starts from more than 3 seconds of response time. This demands performance optimization on all application levels. Client
More informationCyber Security Challenge Australia 2014
Cyber Security Challenge Australia 2014 www.cyberchallenge.com.au CySCA2014 Web Penetration Testing Writeup Background: Pentest the web server that is hosted in the environment at www.fortcerts.cysca Web
More informationAcunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.
Acunetix Web Vulnerability Scanner Getting Started V8 By Acunetix Ltd. 1 Starting a Scan The Scan Wizard allows you to quickly set-up an automated scan of your website. An automated scan provides a comprehensive
More informationAcunetix Website Audit. 5 November, 2014. Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build 20120808)
Acunetix Website Audit 5 November, 2014 Developer Report Generated by Acunetix WVS Reporter (v8.0 Build 20120808) Scan of http://filesbi.go.id:80/ Scan details Scan information Starttime 05/11/2014 14:44:06
More informationMaltego Tungsten as a collaborative attack platform BlackHat 2013
Maltego Tungsten as a collaborative attack platform BlackHat 2013 About us Schedule Why did we do this? Introduction to Maltego Tungsten Maltego with Teeth Design principles Infrastructure attacks Attacking
More informationFinding and Preventing Cross- Site Request Forgery. Tom Gallagher Security Test Lead, Microsoft
Finding and Preventing Cross- Site Request Forgery Tom Gallagher Security Test Lead, Microsoft Agenda Quick reminder of how HTML forms work How cross-site request forgery (CSRF) attack works Obstacles
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationA Tool for Evaluation and Optimization of Web Application Performance
A Tool for Evaluation and Optimization of Web Application Performance Tomáš Černý 1 cernyto3@fel.cvut.cz Michael J. Donahoo 2 jeff_donahoo@baylor.edu Abstract: One of the main goals of web application
More informationAdding Value to Automated Web Scans. Burp Suite and Beyond
Adding Value to Automated Web Scans Burp Suite and Beyond Automated Scanning vs Manual Tes;ng Manual Tes;ng Tools/Suites At MSU - QualysGuard WAS & Burp Suite Automated Scanning - iden;fy acack surface
More informationPlaying with Web Application Firewalls
Playing with Web Application Firewalls DEFCON 16, August 8-10, 2008, Las Vegas, NV, USA Who is Wendel Guglielmetti Henrique? Penetration Test analyst at SecurityLabs - Intruders Tiger Team Security division
More informationBust a cap in a web app with OWASP ZAP
The OWASP Foundation http://www.owasp.org Bust a cap in a web app with OWASP ZAP Adrien de Beaupré GSEC, GCIH, GPEN, GWAPT, GCIA, GXPN ZAP Evangelist Intru-Shun.ca Inc. SANS Instructor, Penetration Tester,
More informationIntroduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3
Table of Contents Introduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3 Information Gathering... 3 Vulnerability Testing... 7 OWASP TOP 10 Vulnerabilities:... 8 Injection
More informationTwo Novel Server-Side Attacks against Log File in Shared Web Hosting Servers
Two Novel Server-Side Attacks against Log File in Shared Web Hosting Servers Seyed Ali Mirheidari 1, Sajjad Arshad 2, Saeidreza Khoshkdahan 3, Rasool Jalili 4 1 Computer Engineering Department, Sharif
More informationApplication security testing: Protecting your application and data
E-Book Application security testing: Protecting your application and data Application security testing is critical in ensuring your data and application is safe from security attack. This ebook offers
More informationNewsletter - September 2014. T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER
Newsletter - September 2014 T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER Tools! Lots of Tools Released! During September 2014, we published 7 Posts with 2 News Tools. Organized by Date OWASP Xenotix
More informationSyllogistic Web Application Testing Dyad Labs, Inc.
Syllogistic Web Application Testing INTRODUCTION TO WEB APPLICATION TESTING - LESSONS LEARNED - MOVING FORWARD At this talk we will provide insights we ve learned from performing web application testing,
More informationA Tale of the Weaknesses of Current Client-side XSS Filtering
A Tale of the Weaknesses of Current Client-side XSS Filtering Sebastian Lekies (@sebastianlekies), Ben Stock (@kcotsneb) and Martin Johns (@datenkeller) Attention hackers! These slides are preliminary!
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More informationWebCruiser Web Vulnerability Scanner User Guide
WebCruiser Web Vulnerability Scanner User Guide Content 1. Software Introduction... 3 2. Main Function... 4 2.1. Web Vulnerability Scanner... 4 2.2. SQL Injection Tool... 6 2.3. Cross Site Scripting...
More informationEXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER
Vulnerability scanners are indispensable both for vulnerability assessments and penetration tests. One of the first things a tester does when faced with a network is fire up a network scanner or even several
More informationBank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM
Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM Agenda Introduction to Application Hacking Demonstration of Attack Tool Common Web Application Attacks Live Bank Hacking Demonstration
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationExternal Network & Web Application Assessment. For The XXX Group LLC October 2012
External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution
More informationProject 2: Web Security Pitfalls
EECS 388 September 19, 2014 Intro to Computer Security Project 2: Web Security Pitfalls Project 2: Web Security Pitfalls This project is due on Thursday, October 9 at 6 p.m. and counts for 8% of your course
More informationSecurity features of ZK Framework
1 Security features of ZK Framework This document provides a brief overview of security concerns related to JavaScript powered enterprise web application in general and how ZK built-in features secures
More informationDNS REBINDING DENIS BARANOV, POSITIVE TECHNOLOGIES
DNS REBINDING DENIS BARANOV, POSITIVE TECHNOLOGIES TABLE OF CONTENTS 1 Bypassing The Restrictions 3 2 Putting It into Practice 5 3 Actual Load 7 4 Detection Of The Application Version 5 Guessing A/The
More informationApplication Layer Encryption: Protecting against Application Logic and Session Theft Attacks. Whitepaper
Application Layer Encryption: Protecting against Application Logic and Session Theft Attacks Whitepaper The security industry has extensively focused on protecting against malicious injection attacks like
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationChapter 1 Web Application (In)security 1
Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is
More informationMETHODS TO TEST WEB APPLICATION SCANNERS
METHODS TO TEST WEB APPLICATION SCANNERS Fernando Román Muñoz, Luis Javier García Villalba Group of Analysis, Security and Systems (GASS) Department of Software Engineering and Artificial Intelligence
More informationUnderstanding Web Application Security Issues
Understanding Web Application Security Issues Pankaj Sharma January 30, 2009 Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web
More informationWebapps Vulnerability Report
Tuesday, May 1, 2012 Webapps Vulnerability Report Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE Impact Professional during
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationLearn Ethical Hacking, Become a Pentester
Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,
More informationWeb application security: Testing for vulnerabilities
Web application security: Testing for vulnerabilities Using open source tools to test your site Jeff Orloff Technology Coordinator/Consultant Sequoia Media Services Inc. Skill Level: Intermediate Date:
More information